Yet another reason why we need an open source web browser.
Three come to mind:
1) Mozilla
2) KDE Konqueror
3) Gnome browser
Kent
On Fri, 4 Feb 2000, Leon Atkinson wrote:
> > Is there a technique or process that we can test this vulnerability?
> >
> > I have not heard of this before, am glad to do some extensive testing.
>
> OK, first of all, here's the advisory:
>
> <http://www.cert.org/advisories/CA-2000-02.html>
>
> Here's a summary. Users can send data to you that contains HTML, including
> <SCRIPT> tags. If you display what they send you without filtering it,
> the script will execute in whoever's browser requests it. That could be
> bad. Browsers are extremely buggy and new bugs are continually found that
> allow scripts to do nasty things. So, you should protect everyone by
> not allowing anyone to embed malicious HTML in messages they send you. This
> is not just for obvious things like posting to a BBS, but also for things
> you might not expect. What if you print the User-agent string inside an
> HTML comment?
>
> How do we know that FreeTrade doesn't allow this? We can't ever prove a
> negative, but we can feel very confident if we inspect the code. The only
> technique I can suggest is to read each line and consider "what if".
>
> Leon
>
>
>
> ------------------------------------------------------------
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Site: http://www.working-dogs.com/freetrade/
> Problems?: [EMAIL PROTECTED]
>
>
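
An added example, not part of the original messages and not FreeTrade code: a small Python check for the "what if" review described in the quoted summary, run against a message body and the User-agent-in-a-comment case. The render functions, probe strings and `audit` helper are hypothetical names constructed for illustration.

```python
import html

# Constructed probe inputs: harmless markers that only reveal whether
# user-supplied markup reaches the page unencoded.
PROBES = [
    "<SCRIPT>alert(1)</SCRIPT>",                     # posted message text
    "Mozilla/4.7 --><SCRIPT>alert(1)</SCRIPT><!--",  # User-agent header value
]

def unsafe_message(body):
    # Displays what the user sent without filtering it.
    return "<p>" + body + "</p>"

def safe_message(body):
    # Encode & < > " ' so the browser shows the text instead of parsing it.
    return "<p>" + html.escape(body, quote=True) + "</p>"

def unsafe_ua_comment(user_agent):
    # A request header is user data too; "-->" in it ends the comment early.
    return "<!-- UA: " + user_agent + " -->"

def safe_ua_comment(user_agent):
    # With < and > encoded the value can neither close the comment nor open a tag.
    return "<!-- UA: " + html.escape(user_agent, quote=True) + " -->"

def leaks_markup(render, probe):
    """True if angle brackets from the probe survive in the rendered output."""
    # Render a plain sentinel first to learn the template's own prefix/suffix.
    prefix, _, suffix = render("SENTINEL").partition("SENTINEL")
    out = render(probe)
    user_part = out[len(prefix):len(out) - len(suffix)]
    return "<" in user_part or ">" in user_part

def audit(renderers):
    """Map each output function's name to whether any probe leaks through it."""
    return {name: any(leaks_markup(fn, p) for p in PROBES)
            for name, fn in renderers.items()}

RENDERERS = {
    "unsafe_message": unsafe_message,
    "safe_message": safe_message,
    "unsafe_ua_comment": unsafe_ua_comment,
    "safe_ua_comment": safe_ua_comment,
}

if __name__ == "__main__":
    for name, leaked in audit(RENDERERS).items():
        print(f"{name}: {'LEAKS markup' if leaked else 'encoded'}")
```

A check like this only covers the output functions it is pointed at, so it supplements the line-by-line reading rather than replacing it.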